billglick closed 2 years ago
I think this mainly involves swapping out the server in the letsencrypt hiera data to point to ncsa-cert-mgr and creating a TXT record in DNS. But I have not had time to experiment with this. And it is unclear how ‘supported’ this is at NCSA since Kapal left a couple years ago.
ACME is the protocol that LetsEncrypt and certbot use.
As of 2022-10-20 the ncsa-cert-manager is not in production.
Add support for using certbot with ncsa-cert-manager: https://wiki.ncsa.illinois.edu/pages/viewpage.action?pageId=144016536
Once working, this should probably be the default over LetsEncrypt for hosts in the following domains:
May still be able to leverage (or port) some of the functionality of the letsencrypt puppet module to manage certbot, etc.